From the June 2007 issue of Treasury & Risk magazine

A Posse Mentality

When Cisco Systems Inc., the global leader in Internet networking systems, and SAP AG, the industry giant in business software, started releasing joint solutions--products of their recent partnership to develop an integrated "ecosystem" for automating governance, risk and compliance--there were audible sighs of relief in countless corporate IT and finance offices across the country. These folks, after all, have been confronted in the last few years with some 450 applications in the GRC space, designed to deal with the more than 114,000 government regulations that have been passed since 1990 dealing with governance and compliance. "It's an IT nightmare right now, if you have to buy maybe 50
of those applications, and make them all work together," says Amit Chatterjee, SAP's senior vice president of governance, risk and compliance. "We're trying to make it so you invest in the technology only once, and you deal with all those regulations."

Not to sound like a Verizon commercial, but the key to this innovative partnership boils down to the network--in this case, SAP's and Cisco's service-oriented network architecture and the vast possibilities opened up by their loose coupling. "Without Cisco, once data went into Excel, and then got pasted onto an e-mail, we at SAP couldn't do anything with it," says Chatterjee. With the Cisco link, however, SAP's software can monitor 10 million e-mails in milliseconds.

Take the dilemma posed in data privacy--when, for instance, social security numbers inadvertently end up in e-mails. "We know you cannot just let social security numbers be sent out of the company," Chatterjee says. "But if someone includes social security numbers in an e-mail, then within our ERP, there's no way we can spot it. With Cisco's SONA, however, every time we find nine digits in a message, we can stop it automatically before it goes outside the firewall." Potentially offending messages would get sent back to IT, he says, where they could be checked for violations of SSN privacy rules.

"We believe no individual business software company can go it alone," says Chatterjee. Not surprisingly, other vendors are coming to similar conclusions.

Berlin-based Business Objects, a leading business intelligence software provider, for example, has just announced release of its Business Objects EPM Performance Suite, which features "prefigured connectors" to SAP and Oracle systems which the company says will help companies "manage risk, monitor compliance and improve performance by providing immediate, accurate and trustworthy financial insight with a full audit trail from high level metrics down to the underlying data."

"I think generally that there is a challenge for corporations and for vendors to address the relatively new phenomenon of GRC," says David M. Johnson, a managing director for the technology and risk practice unit at Menlo Park, Calif.-based Protivity. "Individual vendors have offered the components for years, but with Sarbanes-Oxley and the need to focus on ERP, there has been an increasing need to address these things in a seamless manner.
Johnson says that the new trend is towards developing ecosystems. "What you're seeing increasingly is a combination of owned products and very targeted strategic partnerships, with SAP and Cisco being the largest," he explains. "Oracle is attempting to address the problem in a different way--through acquisitions."

Johnson likens the current situation to business process re-engineering in the 1980s and ERP systems in the 1990s. "Now its GRC," he says.

The SAP/Cisco partnership, along with other partnerships between vendors of key applications, is a step along the way. But as tech experts are quick to point out, there's a lot of road even beyond the new horizon.

Comments